GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,293
Erlang: 31
GitHub Actions: 21
Go: 2,061
Maven: 5,000+
npm: 3,744
NuGet: 668
pip: 3,423
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
285 advisories
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21401 was published Feb 13, 2024
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
Critical | Unreviewed | CVE-2024-21376 was published Feb 13, 2024
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2024-21364 was published Feb 13, 2024
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the...
Critical | Unreviewed | CVE-2024-24496 was published Feb 8, 2024
Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This...
Critical | Unreviewed | CVE-2024-0642 was published Jan 17, 2024
EverShop at risk to unauthorized access via weak HMAC secret
Critical | CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical | CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16...
Critical | Unreviewed | CVE-2023-7028 was published Jan 12, 2024
Drupal Improper Access Control
Critical | CVE-2019-6342 was published for drupal/core (Composer) Jan 11, 2024
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device...
Critical | Unreviewed | CVE-2022-46025 was published Jan 10, 2024
EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration...
Critical | Unreviewed | CVE-2023-6930 was published Dec 20, 2023
An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or...
Critical | Unreviewed | CVE-2023-47678 was published Nov 15, 2023
A vulnerability has been identified in COMOS (All versions). The affected application lacks...
Critical | Unreviewed | CVE-2023-43505 was published Nov 14, 2023
A vulnerability has been identified in COMOS (All versions). The affected application lacks...
Critical | Unreviewed | CVE-2023-46601 was published Nov 14, 2023
SAP Business One installation - version 10.0, does not perform proper authentication and...
Critical | Unreviewed | CVE-2023-31403 was published Nov 14, 2023
An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a...
Critical | Unreviewed | CVE-2023-46501 was published Nov 7, 2023
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due...
Critical | Unreviewed | CVE-2023-46665 was published Oct 26, 2023
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when...
Critical | Unreviewed | CVE-2023-46664 was published Oct 26, 2023
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying...
Critical | Unreviewed | CVE-2023-46661 was published Oct 26, 2023
The cookie session ID is of insufficient length and can be exploited by brute force, which may...
Critical | Unreviewed | CVE-2023-42769 was published Oct 26, 2023
SaToken privilege escalation vulnerability
Critical | CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are...
Critical | Unreviewed | CVE-2023-41721 was published Oct 25, 2023
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also...
Critical | Unreviewed | CVE-2023-43119 was published Oct 16, 2023
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325...
Critical | Unreviewed | CVE-2023-24479 was published Oct 11, 2023
A command execution vulnerability exists in the validate.so diag_ping_start functionality of...
Critical | Unreviewed | CVE-2023-32632 was published Oct 11, 2023
ProTip! Advisories are also available from the GraphQL API.